looking up pgp keys
John at enigmail.net
Thu Sep 12 01:48:57 CEST 2013
LTim Prepscius wrote:
> Thank you very much for this feed back.
> I'm thinking, thinking, thinking...
> Here is sort of a naive question:
> Why aren't the results from the http://pgp.mit.edu:11371 signed with their key?
> They have an http request but there is no way I can tell if I've been mitm-ed.
As others have replied, it's not the keyserver's responsibility
> I should be able to ask each server I request from, the public key of
> the other servers, and then check the signature of each against each
> Is this implemented and I'm missing it somehow?
Aside from what is required to calculate a fingerprint, and in SKS' case the
hash used in reconiliation, there is NO crypto functionality built into the
keyserver software. That responsibility rests with the client software.
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 475 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel